1.1 Your personal information: name, address, phone number and diagnoses, medications, pharmacies and physicians is already being collected and used by British Columbia Medical Services Plan and other entities (ICBC, WCB) to whom you have given consent.
1.2 Your doctor will also collect your personal information in order to provide your medical services, as it always has been.
Obidou Health Informatics will only use your personal information in order to...
· Verify your identity
· Open and manage your account
· Provide medical services
· Enrol you in a program or provide you with a service
· Meet regulatory requirements
2.1 After providing your medical care, the first thing we do, is ask for your consent to securely communicate on-line.
Then we give you a Clinic ID#.
After that, all your information is anonymous. It does not have your name, your email or any identifying information. The only one who can connect your information and your name is your doctor.
Then we will ask you for permission to use, store or disclose information in order to do research, improve the treatments we provide or improve the healthcare system.
2.2 Consent can be provided orally, in writing, electronically or through an authorized representative.
2.3 There are no cases of implied consent.
2.4 You can withhold or withdraw your consent at any time.
2.5 Refusing or withdrawing consent will not affect your care in any way.
3.1 We will only use or disclose your personal information as mentioned above and only when necessary to fulfill the purposes identified at the time of collection.
3.2 We may be required to disclose your personal information to third parties when...
The disclosure is required by law
In an emergency that threatens an individual's life, health, or personal security
In any situation where child protection would be warranted
We require legal advice from a lawyer
For the purposes of collecting a debt
To protect ourselves from fraud
To investigate an anticipated contravention of law
3.3 We will not use or disclose your personal information for any additional purpose unless we obtain consent to do so.
3.4 We will never sell your personal information.
3.5 We may use or disclose your de-identified information to conduct surveys in order to enhance the provision of our services.
3.6 We may sell your de-identified information, but only with your specific consent to do so, and not without a reasonable, mutually agreed upon, financial compensation to you.
Retaining Personal Information
4.1 If we use personal information to make a decision that directly affects you, we will retain that information for at least one year, so that you have a reasonable opportunity to request access to it.
4.2 Subject to policy 4.1, we will retain client, customer, patient personal information only as long as necessary to fulfill the identified purposes above.
5.1 We will make reasonable efforts to ensure your personal information is accurate and complete, where it may be used to make a decision about you or disclosed to another organization.
5.2 Patients may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and in sufficient detail to identify the correction being sought.
5.3 If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information. If the correction is not made, we will note the patients’ correction request in the file.
6.1 We are committed to ensuring the security of client, customer and patient personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
6.2 The following security measures will be followed to ensure that patient personal information is appropriately protected, including:
physically securing offices where personal information is held
the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate (i.e., only those that need to know will have access);
contractually requiring any service providers or third parties who requires access, to provide confidentiality agreements or comparable security measures.
6.3 We will use appropriate security measures when destroying patient’s personal information such as shredding documents and permanently deleting electronically stored information.
6.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
7.1 Patients have a right to access their personal information, subject to limited exceptions, such as, solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns.
7.2 A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
7.3 Upon request, we will also tell patients how we use their personal information and to whom it has been disclosed if applicable.
7.4 We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
7.5 A fee may be charged for providing access to personal information. Where a fee may apply, we will inform the patient of the cost and request further direction from the patient on whether or not we should proceed with the request.
7.6 If a request is refused in full or in part, we will notify the patient in writing, providing the reasons for refusal and the recourse available to the client, customer, member.
Questions and Complaints
8.1 The Privacy Officer or designated individual is responsible for ensuring Obidou Health Informatics’ compliance with this policy and the Personal Information Protection Act.
8.2 Clients, customers, patients should direct any complaints, concerns or questions regarding Obidou Health Informatics’ compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the client, customer, patient may also write to the Information and Privacy Commissioner of British Columbia.
Obidou Health Informatics’ Privacy Officer
Ms. Astrid Sherman